Unapproved Device Access

Within your customer’s environment, each end user is linked to a set of “known devices.” These are the specific computers, tablets, phones and other devices that have been pre-approved by the company for the employee to use for work.

The majority of the time, users log into your clients’ accounts and systems using their known devices.

But occasionally, there will be a discrepancy. And those discrepancies — while maybe not an emergency every time — are still important for you to pay attention to.

They may be nothing. But they may be a big problem.

When Is Unapproved Device Access a Problem?

There are legitimate situations where an end user accesses their accounts on an unexpected device. 

Maybe the user is borrowing their partner’s laptop. Or, they’re setting up their email app on a new iPhone. 

But unapproved device access in conjunction with other suspicious activity can be cause for concern. 

For example, maybe an unknown device accesses an account, then immediately starts a bulk file download. A cybercriminal might as well be holding a neon sign that says “I’m stealing all your data!!”

Or, the user logs in from both an unapproved device and an unapproved location. This could signal that a bad actor is actually on the other side of the screen.

Importance of Unapproved Device Defense Measures

When it comes to keeping clients safe, you want to know when an unknown device enters the chat. Because if your clients are being hacked, acting fast will help you:

  • Protect against network intrusions: While it’s possible a bad actor could get a hold of a company-approved laptop and do something malicious, it’s more likely they’ll break into the network using an unapproved device. 
  • Prevent data loss: Unapproved device access can often be the first step of a breach. The sooner you notice it’s happening, the quicker you can confirm whether it’s an actual problem — and the better you can protect your customers’ data. (Yay, you!)

How Unapproved Device Detection Works With SaaS Alerts

SaaS Alerts combines continuous monitoring and user behavior analytics to help you protect your clients from bad actors on unapproved devices. Here’s how we help you cover your customers’ SaaS. 

Take Advantage of Continuous Event Monitoring

Depending on how many customers you have (and how many end users they have), there could be thousands of login events to keep track of each day.

To manually keep up with all of those — AND isolate the suspicious ones — would require superhuman focus. (Or finding a way to squeeze more than 24 hours out of a day.) 

Instead, let SaaS Alerts do the monitoring for you. You work on your business. We’ll monitor your logins and let you know if something looks fishy. 

No superhuman focus required.

Build Indicators of Compromise That Include Unapproved-Device Flags

If there is a bad actor on the other side of that login, you want to stop them in their tracks. 

But shutting down an account every time someone logs in from an unapproved device would be annoying for everyone involved. 

What you can do is use SaaS Alerts to set up customized indicators of compromise that prevent access if an unapproved device login occurs alongside other suspicious behaviors. 

For example, you can build a rule within our Respond module that shuts down an account if three suspicious actions occur simultaneously. 

For example: 

  1. Someone changes their password
  2. From an unknown location and
  3. On an unknown device.
Enjoy easy data storage and reporting

Unknown device logins can be useful data points to track. They help identify user behavior patterns. For example, does an end user frequently use an unapproved device? Did they get a new phone they just haven’t told management about yet?

With SaaS Alerts, you can easily pull reports on unknown device logins, then use those records to proactively troubleshoot and protect your customers’ SaaS. 

And the best part about letting SaaS Alerts take all this off your plate? Our software works 24/7/365 — so you can take breaks, enjoy your life and get a little extra sleep.

“Thanks to SaaS Alerts, I worry less about potential risk when I’m sleeping. That’s a really big deal for me. Before SaaS Alerts, when I went to bed, I thought, ‘Hackers don’t sleep. What will happen if I do?” — Kirolos Abdalla, formerly of WOM Technology Management Group.

See how we helped Kirolos catch some ZZZs. 

Ready to Get Started?

Differentiate your MSP while super charging your cybersecurity revenue and better protecting your customers from the ever-growing SaaS threat landscape.

Get Started

Request a Demo